🏠 Stonehenge Services
⬅️ Back to Life Memories
EVENT

State of Oregon v. Randal Schwartz

Type: event
Date: 1995-07-25
Location: Oregon
Participants: Randal Schwartz, Intel
Court_case: Washington County Circuit Court C94-0322CR
  • Overview: In late July 1995, Randal was convicted of three felony counts under Oregon's Computer Crime Law. The charges stemmed from security auditing activities (such as running Crack to audit password strength and creating network gateways) performed while working as an independent contractor at Intel's Beaverton facility.
  • The Three Felony Counts:
    • Count 1 (Activity between Nov 1, 1992 – Nov 1, 1993): Knowingly and without authorization altering a computer and computer network (consisting of Intel computers Mink and Brillig) by running a gateway/tunneling script.
    • Count 2 (Activity between Aug 1, 1993 – Nov 1, 1993): Accessing and using a computer network for the purpose of committing theft of the Intel SSD password file (running the Crack program to find weak passwords).
    • Count 3 (Activity between Oct 21, 1993 – Oct 25, 1993): Accessing and using a computer system for the purpose of committing theft of individual user passwords.
  • Defense Context:
    • The activities were standard system administration and security-hardening measures performed without malicious intent or harm. No information or economic benefit was removed from Intel.
    • The broad language of Oregon's Computer Crime Law allowed prosecution for technical policy violations without proof of intent to harm.
  • The Sentence (September 1995):
    • 5 years of probation.
    • 480 hours of community service.
    • 90 days of deferred (cancellable) jail time (later converted to suspended jail time in July 1998 due to perfect compliance).
    • $68,000 in restitution to Intel (later reversed on appeal).
    • Defense costs exceeded $170,000, supported in part by the Friends of Randal Schwartz (FORS) defense fund organized by the technical community.
  • Appeals & Expungement:
    • April 2001 Appeal: The Oregon Court of Appeals upheld the convictions but reversed the restitution order, sending it back to the lower court.
    • 2007 Expungement: The court ordered a full expungement (set aside the conviction), sealing court records and declaring that Randal "for all purposes of the law, shall be deemed not to have been previously convicted or arrested."
  • Advocacy & Public Speaking:
    • Following the trial, Randal turned his experience into a highly popular, cautionary technical presentation titled "Just another convicted Perl hacker" (a play on the classic JAPH signature). He delivered this talk at numerous Unix/Linux user groups, USENIX/LISA security conferences, and Dragon Con to educate other system administrators on the legal pitfalls and liabilities of security auditing in the workplace.
  • Permanent Consequences:
    • Despite the expungement, certain permanent consequences remain, such as being ineligible for some federal programs (like SENTRI) and being permanently barred from entering Canada or Australia.

What links here

🔗Intel 🔗 Llama Release and My Conviction Day 🔗Randal Schwartz
These facts are as Randal recalls them, but much time has passed for most of this. If you find a factual error, please email realmerlyn@gmail.com.